Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS" from Eric J. Bowman on 2014-12-31 (public-privacy@w3.org from October to December 2014)

From: Eric J. Bowman <eric@bisonsystems.net>
Date: Tue, 30 Dec 2014 18:17:17 -0700
To: Marc Fawzi <marc.fawzi@gmail.com>
Cc: "henry.story@bblfish.net" <henry.story@bblfish.net>, Chris Palmer <palmer@google.com>, Nick Doty <npdoty@w3.org>, David Singer <singer@apple.com>, TAG List <www-tag@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <20141230181717.475129a60abc5ce7868b1ec3@bisonsystems.net>

Marc Fawzi wrote:
>
> I don't understand the fixation with TLS. 
> 

Me either.

>
> DANE sounds good on the surface and so does the "certificate
> transparency" initiative (for CA auditing) 
> 

Or maybe, the fact that the PKI/CA system needs so much fixing, should
be taken as evidence that a better solution needs devising. Instead of
pouring the anointing oil on a solution that doesn't solve the problem.

-Eric

Received on Wednesday, 31 December 2014 01:17:34 UTC